Fortinet Issues Urgent Security Patches for Critical Vulnerabilities

CVE-2023-42789

Fortinet, a leading cybersecurity firm, has released five security advisories addressing six major vulnerabilities affecting its popular FortiOS, FortiProxy, and FortiClientEMS products. These vulnerabilities have high severity ratings and require immediate attention from administrators using the affected versions.

CVE-2023-42789

Affected Products

  • FortiOS & FortiProxy: CVE-2023-42789, CVE-2023-42790, CVE-2024-23112, CVE-2023-46717
  • FortiClientEMS: CVE-2023-47534, CVE-2023-48788

Critical Vulnerabilities and Potential Impact

  • FortiOS & FortiProxy: Critical Risks (CVE-2023-42789, CVE-2023-42790) These carry the highest severity ratings (9.8 and 8.1). If exploited, attackers could potentially seize complete control of vulnerable systems. Fortinet’s response includes recommended workarounds involving the adoption of non-form-based authentication schemes, offering a temporary bulwark against these vulnerabilities. These schemes range from NTLM and basic HTTP authentication to more sophisticated methods like SAML and client certificate authentication, reflecting the diversity of defense mechanisms required in today’s cybersecurity landscape.
  • Unauthorized Account Access (CVE-2024-23112, CVSS 7.2) This flaw primarily affects systems using SSL-VPN functionality. A successful attack could give attackers access to sensitive user data and internal network resources.
  • Escalation of privilege (CVE-2023-46717, CVSS 6.7) This vulnerability centers on FortiAuthenticator. In specific configurations, an attacker could elevate basic, read-only permissions to full read-write control.
  • FortiClientEMS: (CVE-2023-47534 (CVSS 8.7), CVE-2023-48788 (CVSS 9.3)) Both of these vulnerabilities could be exploited to inject malicious code into vulnerable endpoint management systems. The implications include potential data breaches and the spread of malware.

Recommendations

Fortinet strongly recommends that users of the affected software versions apply the necessary updates and patches immediately. For situations where updating is not immediately feasible, Fortinet has provided workarounds to mitigate the risk of exploitation.

Related Link